
Posted by pluc 1 day ago

LittleSnitch for Linux (obdev.at)
1304 points | 418 comments | page 9
serious_angel 1 day ago

  > The macOS version can make stronger guarantees because it can have more complexity. On Linux, the foundation is eBPF, which is powerful but bounded: it has strict limits on storage size and program complexity. Under heavy traffic, cache tables can overflow, which makes it impossible to reliably tie every network packet to a process or a DNS name.  
  > And reconstructing which hostname was originally looked up for a given IP address requires heuristics rather than certainty. The macOS version uses deep packet inspection to do this more reliably.  
  > That's not an option here.
  > 
  > Source: https://web.archive.org/web/20260409002901/https://obdev.at/products/littlesnitch-linux/index.html

The above feels like utter AI slop nonsense, sorry. I believe eBPF, the Linux kernel feature, is absolutely capable of accurate and perfect processing of network traffic.

Have you ever checked Calico or Cilium, or at least, Oryx?

littlesnitch 21 hours ago
eBPF programs are able to accurately process network traffic with high performance, but the number of CPU instructions you can use is limited. Otherwise it would not be high performance. This limits the complexity of in-kernel processing.
serious_angel 20 hours ago
Thank you for the response. Yet, how the heck do the CPU instructions you inject (that are being processed within the same network processing) limit the capabilities of the flow, if you literally put your calls within the same networking context? Please provide any actual document that proves your point.
jiveturkey 1 day ago
I guess you haven't actually implemented anything in eBPF.
serious_angel 20 hours ago
I have, but in the scope of Kprobes, not network but memory. Here, I am sure you haven't at this point. I also provided projects you may check prior to stating more nonsense. Instead, you could also provide some more evidence you disagree with.
heatpump5n 1 day ago
Can you elaborate? I thought eBPF was created to be used in high performance scenarios, so I am confused why this shouldn't be possible.
jiveturkey 11 hours ago
eBPF runs in an extremely constrained environment, in order to protect the kernel. indeed, it's quite high performance. but not high flexibility.
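
The overflow case from the product page quoted at the top of this thread, as an added example that is not from any commenter or from Little Snitch's code: a simplified userspace model of a fixed-capacity flow table with least-recently-used eviction, the behaviour eBPF offers through `BPF_MAP_TYPE_LRU_HASH`. The table layout, the capacity of 4, and the names `record_flow`, `lookup_pid` and `unattributed` are assumptions made for illustration.

```c
#include <stdint.h>
#include <stdio.h>

#define CAP 4   /* constructed: real maps are far larger, but still fixed at creation */

struct entry { uint32_t flow; uint32_t pid; uint64_t used; int live; };
struct table { struct entry e[CAP]; uint64_t clock; };

/* Connect-time hook (hypothetical): remember which pid opened the flow.
 * When the table is full, the least recently used entry is overwritten. */
static void record_flow(struct table *t, uint32_t flow, uint32_t pid)
{
    int slot = -1, victim = 0;
    for (int i = 0; i < CAP; i++) {
        if (!t->e[i].live) { if (slot < 0) slot = i; }
        else if (t->e[i].flow == flow) { slot = i; break; }
        else if (t->e[i].used < t->e[victim].used) victim = i;
    }
    if (slot < 0) slot = victim;              /* overflow: silently evict */
    t->e[slot] = (struct entry){ flow, pid, ++t->clock, 1 };
}

/* Packet-time hook (hypothetical): owning pid, or 0 if the entry was evicted. */
static uint32_t lookup_pid(struct table *t, uint32_t flow)
{
    for (int i = 0; i < CAP; i++)
        if (t->e[i].live && t->e[i].flow == flow) {
            t->e[i].used = ++t->clock;
            return t->e[i].pid;
        }
    return 0;
}

/* Open `flows` connections, then see one packet on each;
 * return how many packets can no longer be tied to a process. */
static int unattributed(int flows)
{
    struct table t = {0};
    int missed = 0;
    for (int f = 1; f <= flows; f++) record_flow(&t, (uint32_t)f, 1000u + (uint32_t)f);
    for (int f = 1; f <= flows; f++) if (lookup_pid(&t, (uint32_t)f) == 0) missed++;
    return missed;
}

int main(void)
{
    for (int n = 4; n <= 100; n = (n == 4) ? 6 : 100)
        printf("%3d flows, capacity %d: %d unattributed\n", n, CAP, unattributed(n));
    return 0;
}
```

A filter built on such a table has to pick a policy for the missed lookups (allow, drop, or fall back to a slower userspace path), and counting them is what makes the overflow visible to an operator.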
shawnta 1 day ago
Great website features, exactly what I needed, thank you.